Replacement Sheet 



User generates a pseudonym

Pseudonym is encrypted

User selects Service Provider Identifier

User blinds Pseudonym & Provider Identifier with Random Factor

Transmit signed message to Validating Agency Server

Validation Server receives and verifies Message

Validation Server signs Pseudonym and Returns to User

User is in receipt of Validated Pseudonym
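
The blinding, signing and unblinding steps of the flow above, as an added example that is not taken from the patent sheets. It assumes a textbook RSA blind signature (the sheet names no scheme) with a constructed demo-sized key, and it omits the encryption and transport steps; all function names and sample values are hypothetical.

```python
import hashlib
import math
import secrets

# Demo-sized RSA key for the validating agency (constructed for this example;
# two Mersenne primes, far too small and too structured for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # agency's private exponent


def digest(pseudonym: bytes, provider_id: bytes) -> int:
    """Hash pseudonym and provider identifier into Z_N (length-prefixed)."""
    data = len(pseudonym).to_bytes(4, "big") + pseudonym + provider_id
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def blind(m: int):
    """User side: hide m under a random factor r; returns (blinded, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:  # r must be invertible mod N to unblind
            return (m * pow(r, E, N)) % N, r


def agency_sign(blinded: int) -> int:
    """Agency side: signs the value it is sent and never sees m itself."""
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """User side: strip r to obtain an ordinary signature on m."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(pseudonym: bytes, provider_id: bytes, sig: int) -> bool:
    """Anyone holding (N, E) can check the validated pseudonym."""
    return pow(sig, E, N) == digest(pseudonym, provider_id)


def issue(pseudonym: bytes, provider_id: bytes):
    """Run the exchange; returns (value the agency saw, final signature)."""
    blinded, r = blind(digest(pseudonym, provider_id))
    return blinded, unblind(agency_sign(blinded), r)
```

The agency only ever handles the blinded value, so it cannot later link the validated pseudonym to the request it signed, while the signature still verifies against the pseudonym and provider identifier it was issued for.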

Client Processor Forms Encrypted Message with signed validated pseudonym

Message is routed to Proxy Server

Proxy Server decodes Message

Proxy Server forwards Message to identified information server

Information server processes received request

Information server transmits response to proxy server

Proxy server creates response message to user

Client Processor Tabulates User Interest

Client Processor Transmits Message to Proxy Server to Update Profile Interest Summary

User is entered into the system as a "Person" and assigned a UID

User is registered in the System as a User Type with associated Pseudonym and ACRS

User selects (or system assigns) Service Provider Identifier

PPS provides blind pseudonym & Service Provider identifier with a random factor

Signed message is transmitted from User to Provider through PPS

PPS receives message and, based on ACRS, validates relationship between User, Provider and/or PDO

PPS authorizes System to enable User to view PDO's Actual PD or Pseudonyms, based on ACRS

User receives from System PDO's Actual PD and/or Pseudonyms, based on ACRS

Client Processor Forms Encrypted Message with signed validated pseudonym requesting PDO's PD

Message is routed to Proxy Server

Proxy Server decodes Message

Based upon the User's UID and the Individual PDO's UID, the proxy server directs the message to the Information Server designated for processing that message.

Information server processes received request according to the appropriate ACRS relating to that User and PDO

In accordance with the message request information, Server formulates ACRS-based response in accordance with the signed, validated pseudonym and User identifier

Upon receiving response from Information server, proxy server transmits pseudonymized and encrypted response message to User's client processor and enables decryption of the message for User access

Proxy server authorizes User access to pseudonymized or actual PD based on ACRS relating to that User and PDO

User-Request



Dr. A - Server 1 - Maintains Patient's Medical record with ACRS governing access for Dr. A's staff and limited access for Patient

Patient routes message to Dr. A with signed Authorization to release records attached, requesting that Dr. A grant access to Patient's medical records to Dr. B

Proxy Server codes Message to Pseudonymize identity of Dr. B. Dr. A's ACRS replaces Dr. B's name with a Pseudonym

Based upon the service provider identifier associated with the message, the proxy server forwards the message to Dr. B (or an identified information server - Server S 2 designated by Dr. B and synchronized with Dr. A's server per ACRS)

Information server processes received request and grants ACRS to Dr. B in accordance with Authorization granted by Patient (e.g. release everything but address and social security number)

In accordance with the message request information, Server forwards the message to Dr. B with ACRS-based pseudonymization of PD

Dr. B logs onto the system which identifies Dr. B as a User with the appropriate ACRS as granted to Dr. B by Patient

Dr. B accesses Patient's Medical Records with specific PD pseudonymized in accordance with Dr. B's ACRS